Twitter said it was aware of "a security incident" and "taking steps to fix it", but provided no further information hours after the hack began.

The hack unfolded over the course of several hours, and it appeared that Twitter was only able to stop it by preventing verified accounts from tweeting at all – an unprecedented measure.

The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted by some of the compromised accounts over the course of Wednesday afternoon.

While the motives and source of the attack are not yet known, the coordinated hijacking of the verified communications streams of world leaders, celebrities and major corporate accounts was a frightening prospect. Twitter has become a de facto wire service for the world and is used for official communications by governments during emergencies; a hack on the scale of Wednesday's attack could have been more disruptive or even dangerous.

"The amount of damage this could cause is very high," said Douglas Schmidt, a computer science professor at Vanderbilt University. "These people could hold information gleaned from the hack for ransom in the future."

Twitter issued a statement approximately 90 minutes after scam messages began being sent out by Musk's and Gates' accounts, as the attack was ongoing.

The company subsequently warned that some users would be unable to tweet or change their passwords as it worked to address the issue. The company appeared to be blocking verified users, whose accounts feature a blue checkmark to denote that Twitter has confirmed their identities, from tweeting.

Twitter's stock price tumbled more than 3% in after hours trading.

The hack probably targeted a vulnerability on Twitter's end rather than those of the individual account holders, said John Ozbay, the chief executive of the privacy and security tool Cryptee. Most high-profile users probably engage two-factor authentication, Ozbay said, and the hackers appeared to have enough control over the compromised accounts to "pin" a tweet. That would not have been possible if a hacked account were being controlled by SMS, as occurred when the Twitter CEO Jack Dorsey's own account was hijacked in 2019.

Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.

"The likelihood of attacks like this increase when people are working remotely it is much easier for bad actors to impersonate someone through an email and gain access to their accounts," said Schmidt. "Assuming this wasn't someone inside Twitter trying to take revenge, it appears to be a spear phishing attack – someone who has access to admin privileges that can override two-factor authentication and strong passwords fell victim to a hack".